=Paper=
{{Paper
|id=Vol-412/paper-4
|storemode=property
|title=Event-Based Decision Management in Compliance Management - A Discussion Paper
|pdfUrl=https://ceur-ws.org/Vol-412/paper4.pdf
|volume=Vol-412
}}
==Event-Based Decision Management in Compliance Management - A Discussion Paper==
https://ceur-ws.org/Vol-412/paper4.pdf
Event-Based Decision Management in Compliance
Management - A Discussion Paper
Marwane El Kharbili
ARIS Research, IDS Scheer AG, Altenkesseler Str. 17, D-66115 Saarbrücken, Germany.
E-mail: marwane.elkharbili@ids-scheer.com
Abstract. Compliance is a critical enterprise management concern, particularly
in business process-oriented organizations. We introduce an event ontology part
of a policy and rules ontology for compliance modeling and enforcement. The
policy and rules ontology is able to take decisions depending on the state of an
enterprise model. In our work, events are used to support modeling complex
decision-making patterns and propagation. We present an ontology for
modeling events for compliance policies and rules and discuss its use in our
compliance management framework.
1 Introduction
Compliance management has been identified as one core topic of research for making
business process management (BPM) the enabler for more reliability and business
sustainability. In [1], we motivated the need for compliance management in BPM and
motivated the use of policies and rules for compliance modeling and enforcement. A
framework for compliance management in BPM was introduced and its architecture
discussed. In [2], we explained how using policies and rules together with domain
policies can be used for modeling compliance. In modeling compliance policies and
rules, events play an important role. In our framework, policies are used for modeling
decisions and rules encompass the logic attached to making these decisions,
depending on the context of policy enforcement. Rules are also responsible for
deciding which actions need to be taken and by which entity under jurisdiction of a
policy. However, modeling decisions is still made hard for the class of decisions
which cannot be directly executed by a rule directly linked to a policy (simple
decisions). The other class of decisions, called complex decisions, may request calling
several rules not directly linked to the decision-making policy or may require
propagating a decision to other dependent rules for further processing.
In our approach, we separate between decision-making and action-taking.
Decisions can request other rules to make other decisions and/or request a responsible
entity to execute some action (fig 1). Our goal is to allow modeling complex decision-
making by using events as a mean of linking decision-making units (business rules) to
other decision-making units as in figure 1. In the following, we motivate this use of
events by giving an use case scenario and explain our approach to realizing this. We
�2 Marwane El Kharbili
then show how our approach integrates in the SUPER semantic BPM (SBPM)
framework and then conclude our proposal.
…
Policy
AND
Complex
Decision
Rule Logical Operator
for Complex
AND decision Decision
Propagate
Decision
Action
AND
Fig1.: Decision-Making Tree: Policies, Rules, decisions, Actions.
2 Event Management in a Compliance Framework
Let us take the example of a security rule for intrusion detection. A system is under
jurisdiction of a security policy P. As individual I accesses a resource of system S, an
intrusion detection rule (called IDR) fires and (using certain intrusion detection logic
provided by a security rule) decides that I is an intruder. Another rule (called NF),
which decides which person should be notified about this intrusion and another rule
(called IDP), which decides on further actions that need to be made depending on the
resource accessed by the intruder should also fire. Rules IDP and NF are dependent
on rule IDR. Using events, we can easily link rule IDR to the NF and IDP rules. This
can be done by making rule IDR generate a well defined event and subscribing rules
NF and IDP (configuring NF and IDP to listen) to this event. The event carries among
other information the ID of the rule that has fired it and the protected resource being
accessed. Events become thus the link that provides declarative automation in
modeling complex decision-making in our compliance framework. We think that this
idea can be easily generated to all rule frameworks for modeling complex decisions.
In [3], a survey of event-driven architecture (EDA) is given that also proposes
event modeling for reacting to situations and making decisions. Here, formal
modeling of situations is used, while we rely on enterprise model state-based context
definition from our compliance framework [1]. In [4], the authors propose a logic
based formalism for modeling events in an EDA. Both works recognize the same
issues as we do. Next, we introduce a core ontology for modeling events for policies
and rules (BPREO) of the compliance framework (fig. 2). Central concepts are the
rule and policy concepts. Policies are used to model compliance measures and rules
contain the necessary logic for enforcing these policies. A policy acts on a subject
which itself can occur in a business process (e.g. artifact such as BP activity), or can
be any type of resource (e.g. role individual or network printer) supported by the
policy. Subjects have states and belong to an event scope, which is the set of subjects
which can produce/be influenced by this event. For example, a resource access event
is fired when the state of a resource changes from unaccessed to accessed. Rules and
policies also belong to a logical event scope, which is the set of policies and rules
� Event-Based Decision Management in Compliance Management - A Discussion Paper 3
which can trigger or are activated (policy)/invoked (rule) by this event. The input
event type is used by rules as an invocation input and transports information
necessary for the rule to correctly execute. The output event type is used as a mean to
communicate to the compliance framework information about rule execution and
transports instructions on how to further conduct the process initiated by the policy
having been activated.
AND OR XOR NOT
hasLogicalScope
*
EventScope
* use sOperator * * belongsToEventScope
LogicalOperator EventEx pression 1
hasEventScope
0..1 includesEve nt
definesEvent
* * Process Model
* *
Eve nt occursIn
* * *
containsEvent 1..*
+ * +TriggeredByRule: Rule[1] 1 1 * *
containsCom plexEvent * +TriggeredByPolicy: Policy[1] State Subje ct
+
ComplexEvent isA +FiresEvents: Lis t[1] changeState
* de fine sSta te
+TriggersRule: Rule[*] * *
Generalization *
+EventCategory: String[1]
+
* policyActsOn
activatedByState
isA isA TriggeredBy
EventPatte rn Eve ntStrea m
*
1..* Ge nera teEvent *
Policy
Input Event Output Event + 1
de fine sStrea m
* +PolicyID [1] EventLogicScope
1 * +Is Implemented [1]
* *
EventCorrelation Rule * *
ha sPolicyRule belongsToPolicyEve ntScope
* *
belongsToRuleEve ntScope
Fig 2. A Core Event Ontology for the Business Policy and Rules Ontology.
An event can itself fire other events if necessary. An event can be itself
implemented as one of two types: (i) Complex Events and (ii) Event Streams. These
both approaches to event processing are identified and implemented by existing major
complex event processing (CEP) solutions. Events can be event expressions which
combine atomic events in logical events using Boolean operators (AND, OR, NOT,
XOR) to express complex events. We give in that simply using Boolean operators for
complex events is not expressive enough. First of all, complex events may be defined
not only using event occurrences (e.g. Ev1 AND (Ev2 OR Ev3)) but also using meta-
data transported by these events (e.g. Ev1.Att1 == Value1 AND Ev2.Att2 ==
Value2). Complex events could thus be a combination of event occurrences and rules
expressed on the state of the system modeled using event meta-data. This shows the
high inter-dependency between events and rules, as events are used to model complex
business decisions, and other rules are used to model complex events. Secondly a
complex event could be itself a tree of logical expression of events, with each event
being at the same time an event and a node that has a sub-tree of events attached to it.
This view maps directly to fig. 1 where decision nodes could at the same time be
business rule invocation and a call to some action taking entity. This means that the
decision-making tree example given in fig. 1 could be implemented using a complex
event in the form of an event tree, with rules attached to each node that contain policy
enforcement logic. Each node in the tree is actually a Boolean expression of the
events in its sub-tree. Event patterns form reusable sets of complex events expressed
in generic way, possibly using place-holders for both event types in Boolean event
expressions and rules on event meta-data, as well as pre-defined event trees.
�4 Marwane El Kharbili
Another way of modeling events would be event stream processing (ESP). The
STREAM1 system tackles just this issue (more fundamentally for data streams) and
the open source ESPER2 tool provides CEP/ESP functionalities. ESP engines rely on
modeling correlations patterns between singletons in an event stream and offer a
query language3 for identifying patterns (logical and temporal constraints). BPM and
Middleware vendors also incorporate tools for CEP such as ARIS Process Event
Monitor4 or TIBCO Business Events5. Our core ontology needs to interface with such
systems in order to be able to process complex events as far as event processing
doesn’t require it to be done on a formal semantic level. This question will be
evaluated in future works where we will design an architecture for event-based
decision-making for compliance management, together with the problem of
serializing policy and rule ontology events in formats processable by CEP and ESP
tools. Another interrogation of ours is how to combine our event ontology with the
SUPER EVO ontology of events for business process analysis (BPA). As policy-
based compliance controlling (monitoring and analysis) is one component of our
compliance framework, we will attempt using events for logging relevant information
for later analysis purposes or even real-time compliance analysis.
3 Conclusion
We devised a core event ontology for supporting policy-based decision management,
for use in compliance management. We will next seek to design an architecture for
modeling compliance policies using complex event processing, and integrate this
architecture in the SUPER platform for semantic business process management.
References
1. El Kharbili, M.; Stein, S.; Markovic, I. & Pulvermüller, E. Towards a Framework for
Semantic Business Process Compliance Management. In Proceedings of the workshop on
Governance, Risk and Compliance for Information Systems, June 2008 (pp. 1-15).
2. El Kharbili, M.; Stein, S.; Markovic, I. & Pulvermüller, E. Towards Policy-Powered
Semantic Enterprise Compliance Management. In 3rd International Workshop on Semantic
Business Process Management (pp. 16-21), June 2008.
3. Kay-Uwe Schmidt, Darko Anicic, and Roland Stühmer: Event-driven Reactivity: A Survey
and Requirements Analysis. In 3rd International Workshop on Semantic Business Process
Management (pp. 72-86) June 2008.
4. Stojanovic N Anicic D. Towards creation of logical framework for event-driven information
systems. In: 10th International Conference on Enterprise Information Systems, 2008.
1
Stanford's STREAM project: http://infolab.stanford.edu/stream/
2 http://esper.codehaus.org/
3 Continuous Query Language (CQL) from STREAM and Event Query and Causality Pattern
Language from ESPER
4 www.ids-scheer.com/en/ARIS/ARIS_Software/ARIS_Process_Event_Monitor/73867.html
5 http://www.tibco.com/software/complex_event_processing/businessevents/default.jsp
�